d7d00bd1c405e482c0ea0ff28557ce2c24a30eb0a6a301d46bffb14b4df4f334

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78bf3f04711767e904d6010f781f3396_JaffaCakes118.exe
Size

112KB
MD5

78bf3f04711767e904d6010f781f3396
SHA1

621459207b585a8e00d2af2e58be018f4b0cce98
SHA256

d7d00bd1c405e482c0ea0ff28557ce2c24a30eb0a6a301d46bffb14b4df4f334
SHA512

06dfa1a56885afc587431c53fb149c7e6b82750324b882b5669a1c9d28b04d092fac17e03aed15a525f649e8c73bb565a30d3f221a66141b7e8e8d897517770d
SSDEEP

1536:9i5jb2JqrAZV9zEFAz8lJXQIesMjHWWFGXUHBCmjAcwbhIGSolaGNgb4le:9cjqbj9zEmolJIsXWkQ7tagb4le

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	78bf3f04711767e904d6010f781f3396_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\78bf3f04711767e904d6010f781f3396_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\78bf3f04711767e904d6010f781f3396_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...